How are you detecting the Sony DRM root kit for your network?

jonw757 (Gawd; joined Dec 7, 2004; 661 messages)
Just wondering, as I am going to be doing this soon and haven't come up with any good way to detect it. We may need to finally deploy Pest Patrol to do it, but I was hoping for a different scripted way. Thanks for the help! :D
 
Easy: My users don't get to install shit, so I'm figuring my infection rate is sitting right about at zero.

:D
 
I get a "page not able to be displayed". :(
I MUST have this crap on my rig............but I'd like to know for sure. Then how do you get rid of it? I've heard the un-install leaves you worse off than before.
 
Hi
Try the rootkit revealer at sysinternals. It's free. I'm actually writing a deployment script for it now so I can roll it out to 4000 machines... Not like I need to sleep anyway.

For me, this is the last straw. I'm going to get the heat on our bosses to move to Gentoo or, at a push, Mandriva.

P.S. - If you need a remote admin client take a look at www.kaseya.com (it's not free though).

L
 
Linuxtim said:
Hi
Try the rootkit revealer at sysinternals. It's free. I'm actually writing a deployment script for it now so I can roll it out to 4000 machines... Not like I need to sleep anyway.

For me, this is the last straw. I'm going to get the heat on our bosses to move to Gentoo or, at a push, Mandriva.

P.S. - If you need a remote admin client take a look at www.kaseya.com (it's not free though).

L
This wasn't a Windows problem. Why would you think it was? This was your users having Admin access. (Same as root in Linux.)

And the page says that the microsoft online scanner now removes the malware at:
http://safety.live.com

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Moving to Gentoo for 4000 machines is a bad idea. Sounds like a great way to waste the company's time staring at compiler output for a couple of days. Debian > Mandrake > Gentoo
 
Hmm. Did the rootkit revealer and didn't find anything, so I guess I'm OK. This was a crazy read though: Mark's Sysinternals Blog.
I thought for sure it would pop up, seeing as the CD I put in says "content protected" and only gives you 3 burns.
Autorun sucks.
 
Mine was easy: Panda Enterprise Secure emailed when one of my users got it. Panda removed the rootkit side (aries.sys) so there was no more cloaking. Then I went in, set both the services to disabled, killed the running processes, and then deleted the files. Took away the user's admin workstation rights and left. I'm going to add the startup process to my denied list in AD to stop it from even starting to install, now that I actually have one of the CDs.
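The clean-up sequence in the post above (find the driver, stop and disable the services, remove the files) as a scripted check, written for this thread and not code from any poster or from Panda. Only the driver file name aries.sys comes from the post; the service names are placeholders to be replaced with the two services actually observed on the host. Note the caveat the post implies: a directory or service listing is only trustworthy once the cloaking driver has been unloaded, since an active rootkit hides exactly these objects from the APIs this script uses.

```powershell
# Added example for this thread (not from any poster or vendor).
# Assumptions: aries.sys is the driver file named in the post; the service
# names below are PLACEHOLDERS and must be replaced with what the host shows.
$DriverFileName = 'aries.sys'
$ServiceNames   = @('PLACEHOLDER_SERVICE_1', 'PLACEHOLDER_SERVICE_2')

function Find-DriverFile {
    param([string]$FileName = $DriverFileName)
    # Only sees what the OS exposes: run this after the cloaking driver is gone.
    $driverDir = Join-Path $env:SystemRoot 'System32\drivers'
    Get-ChildItem -Path $driverDir -Filter $FileName -Force -ErrorAction SilentlyContinue
}

function Get-SuspectDrivers {
    param([string[]]$Names = $ServiceNames)
    # Win32_SystemDriver lists kernel drivers, which Get-Service does not.
    foreach ($n in $Names) {
        Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$n'" -ErrorAction SilentlyContinue
    }
    # Ordinary Win32 services (the post mentions two "services") show up here.
    foreach ($n in $Names) {
        Get-Service -Name $n -ErrorAction SilentlyContinue
    }
}

function Disable-SuspectDrivers {
    [CmdletBinding(SupportsShouldProcess)]
    param([string[]]$Names = $ServiceNames)
    foreach ($n in $Names) {
        if ($PSCmdlet.ShouldProcess($n, 'sc stop / sc config start= disabled')) {
            # sc.exe handles both services and kernel drivers; the space after
            # "start=" is required by sc.exe syntax.
            sc.exe stop   "$n"                 | Out-Null
            sc.exe config "$n" start= disabled | Out-Null
        }
    }
}

function Remove-DriverFile {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$FileName = $DriverFileName)
    foreach ($f in Find-DriverFile -FileName $FileName) {
        if ($PSCmdlet.ShouldProcess($f.FullName, 'Remove file')) {
            Remove-Item -LiteralPath $f.FullName -Force
        }
    }
}

# Report first; re-run the Disable-/Remove- functions without -WhatIf to act.
Find-DriverFile    | Select-Object FullName, Length, LastWriteTime
Get-SuspectDrivers | Select-Object Name, State, Status, StartMode, PathName
Disable-SuspectDrivers -WhatIf
Remove-DriverFile      -WhatIf
```

Run it elevated, and reboot between disabling the driver and deleting the file: a driver that is still loaded keeps its image open, so the Remove-Item step fails until the disabled start type has taken effect.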
 
XOR != OR said:
Easy: My users don't get to install shit, so I'm figuring my infection rate is sitting right about at zero.

:D
Same here.

No ...-ROMs except in certain machines, autorun turned off in policies, and the registry editor disabled for all users (sans real admins) regardless of rights.

I am sorry for you folks that have the funky politics. My heart goes out to you while I sit here and post on forums.

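The two policy settings from the post above (autorun off, registry editor disabled for non-admins), as an added example for this thread rather than any poster's own script. The registry locations and values are the standard Windows policy keys; nothing here is specific to the Sony software. In a domain these same values would normally be pushed by Group Policy, as the poster describes; the script is useful for stand-alone boxes and for verifying that the policy actually landed.

```powershell
# Added example for this thread (not from any poster). Standard policy keys:
# NoDriveTypeAutoRun = 0xFF disables AutoRun for every drive type;
# DisableRegistryTools = 1 blocks regedit for the user the policy applies to.
$AutorunKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$RegToolsKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

function Set-AutorunDisabled {
    if (-not (Test-Path $AutorunKey)) { New-Item -Path $AutorunKey -Force | Out-Null }
    New-ItemProperty -Path $AutorunKey -Name 'NoDriveTypeAutoRun' `
        -PropertyType DWord -Value 0xFF -Force | Out-Null
}

function Test-AutorunDisabled {
    $v = (Get-ItemProperty -Path $AutorunKey -Name 'NoDriveTypeAutoRun' `
          -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    return ($v -eq 0xFF)
}

function Set-RegistryToolsDisabled {
    # HKCU: applies to the user running this; for "all users sans real admins"
    # apply it through a user GPO filtered to exclude the admin group.
    if (-not (Test-Path $RegToolsKey)) { New-Item -Path $RegToolsKey -Force | Out-Null }
    New-ItemProperty -Path $RegToolsKey -Name 'DisableRegistryTools' `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

function Test-RegistryToolsDisabled {
    $v = (Get-ItemProperty -Path $RegToolsKey -Name 'DisableRegistryTools' `
          -ErrorAction SilentlyContinue).DisableRegistryTools
    return ($v -ge 1)
}

# Apply both settings and report whether each check now passes.
Set-AutorunDisabled
Set-RegistryToolsDisabled
[pscustomobject]@{
    AutorunDisabled       = Test-AutorunDisabled
    RegistryToolsDisabled = Test-RegistryToolsDisabled
}
```

The autorun value is read by Explorer at logon, so the Test- function reports the registry state immediately while the behaviour changes at the next logon; the regedit lock takes effect the next time regedit is launched.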
 
As an update to this thread, the Microsoft Malicious Software Removal Tool deployed to Windows Update will remove this threat.


This posting is provided "AS IS" with no warranties, and confers no rights.
 
Almost all corporate Anti-Virus programs are detecting it and removing it as well at this point. The "Corporate managers" at the top of our organization just caught wind of this "recent" threat. It was nice to let them know we had it taken care of in our environment, about a month ago...
 